What is VXLAN? What is VXLAN EVPN? We will answer these questions in this video.
VXLAN is primarily a replacement technology for Ethernet and VPLS. If we assume that Ethernet is the most widely used technology on the network, then we can say that VXLAN is the next-generation network technology for both enterprise and service provider environments.
Of course, Ethernet is currently the most widespread technology in enterprise networks, both in the LAN and in the data center. MPLS VPN and VPLS are also the most widely used services in the service provider environment. So we can expect that VXLAN will be the most widely used network technology in both enterprise and service provider networks in the future.
As evidence, the new Cisco SD-Access, Cisco's new LAN solution, and Cisco ACI, the new Cisco SDN-based data center solution, are both based entirely on VXLAN technology.
How does VXLAN work?
VXLAN is a Layer 2 tunnel over an L3 IP network. That is, instead of creating a native Layer 2 Ethernet network, we create an L3 IP network and, on top of it, L2 tunnels for L2 connectivity. In this way, we get rid of Ethernet challenges such as STP and flooding. In IP networks all links are used simultaneously and no links are blocked by STP. Also, we don't have flooding on the L3 network, because flooded frames are dropped by routers.
VXLAN versus OTV and VPLS
There are also other L2-over-IP technologies, such as OTV and VPLS. What is the advantage of VXLAN? In VXLAN encapsulation, the 12-bit dot1q VLAN tag is removed from the Ethernet encapsulation and replaced with a 24-bit VNI. That means we no longer have the limitation of 4096 VLANs that exists in an Ethernet network. At least in theory, 16,000,000 VLANs are supported in a VXLAN network. In practice, we don't have 16 million VLANs, but the number isn't small enough to be limiting.
MAC Address Table in VXLAN
How does the MAC address table differ in a VXLAN network? It is similar to Ethernet. In Ethernet, MAC addresses are mapped to Ethernet interface numbers. In VXLAN, local MAC addresses are mapped to Ethernet interface numbers, as in an Ethernet network, but remote MAC addresses are mapped to the remote IP address of the tunnel endpoint. Tunnel endpoints are called VTEPs (VXLAN Tunnel Endpoints). In this figure, MAC1 is local and mapped to port Ethernet1, but MAC2 is remote from Switch1's perspective and is mapped to the VTEP IP address of Switch2, which is IP2.
MAC Address Learning in VXLAN
How does MAC address learning differ in VXLAN? Learning in VXLAN is the same as with Ethernet. In other words, MAC learning is carried out in the data plane, at the same time as forwarding. When a switch receives a frame, the frame's source MAC address is mapped to the receiving port. When a frame is received over the tunnel in VXLAN, the MAC address is mapped to the source IP address of the tunneled packet. In this figure, MAC1 is mapped to port Ethernet1, since Switch1 receives the frame with source address MAC1 on this port. Switch2, however, receives a packet through the tunnel with the source tunnel address IP1. The source MAC address of the encapsulated frame is MAC1. MAC1 is therefore mapped to IP1.
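The data-plane learning described above can be traced in code. This is an added example, not part of the original page: the 8-byte header layout follows RFC 7348, while the `Vtep` class, the VNI 5000, the MAC addresses and the 192.0.2.x VTEP addresses are constructed for illustration.

```python
import struct

VXLAN_I_FLAG = 0x08  # "VNI valid" flag bit defined in RFC 7348

def build_vxlan(vni, inner_frame):
    """Prepend the VXLAN header: 8 flag bits, 24 reserved, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner_frame

def parse_vxlan(payload):
    """Return (vni, inner_dst_mac, inner_src_mac) from a VXLAN UDP payload."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:14].hex(":"), payload[14:20].hex(":")

class Vtep:
    """Hypothetical access switch: (vni, mac) -> local port or remote VTEP IP."""
    def __init__(self, ip):
        self.ip, self.table = ip, {}

    def learn_local(self, vni, src_mac, port):
        self.table[(vni, src_mac)] = ("port", port)

    def receive_tunnel(self, outer_src_ip, payload):
        vni, dst, src = parse_vxlan(payload)
        self.table[(vni, src)] = ("vtep", outer_src_ip)  # inner MAC -> outer source IP
        return vni, dst, src

    def lookup(self, vni, dst_mac):
        return self.table.get((vni, dst_mac), ("flood", None))  # unknown unicast

def demo():
    mac1, mac2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frame = mac2 + mac1 + b"\x08\x00" + b"constructed payload"  # dst, src, ethertype
    sw1, sw2 = Vtep("192.0.2.1"), Vtep("192.0.2.2")  # constructed VTEP addresses
    sw1.learn_local(5000, mac1.hex(":"), "Ethernet1")   # frame arrives on a local port
    sw2.receive_tunnel(sw1.ip, build_vxlan(5000, frame))  # same frame, now tunneled
    return sw1, sw2

if __name__ == "__main__":
    print(demo()[1].table)
```

Switch2's entry is keyed on the outer source IP of whatever packet it receives, so the table is only as trustworthy as the underlay path that delivers those packets.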
VXLAN versus VXLAN EVPN
What is the difference between VXLAN and VXLAN EVPN? In VXLAN, as already said, MAC learning takes place in the data plane, at the time of forwarding. With VXLAN EVPN, however, MAC learning takes place via the BGP protocol between access/leaf switches. In other words, each access switch makes its local MAC addresses known to the other access switches via BGP, before forwarding starts. In this figure, MAC1 is local to Switch1 and MAC2 is local to Switch2. The switches advertise their local MAC addresses to each other through BGP.
Traffic Forwarding in VXLAN
How is Ethernet frame forwarding different in VXLAN? Actually, it is like an Ethernet network. Local known unicast frames are forwarded on the outgoing interface. In this figure, the frame from MAC1 to destination MAC2 is forwarded locally in the switch, out of Ethernet2. Remote known unicast frames are forwarded through the VXLAN tunnel to the VTEP address of the egress access switch. Here, the original Ethernet frame with destination MAC address MAC3 is encapsulated in a VXLAN packet with the source IP address of the ingress access switch (IP1) and the destination IP address of the egress access switch (IP2).
BUM Traffic Forwarding in VXLAN
Unknown unicast frames, broadcast frames and multicast frames, i.e. BUM frames, are replicated to every remote access switch and also flooded to all native Ethernet ports. In VXLAN EVPN, BUM traffic forwarding is optimized with the help of a multicast tree, which we will talk about in the next videos.
The last point I want to make is that VXLAN is usually implemented in a leaf-and-spine architecture rather than a traditional access-aggregation architecture. In the next video, I'll talk more about leaf-and-spine architecture and its benefits.